by Ted Koppel
Major General Brett Williams, the former director of operations for United States Cyber Command, dismissed President Obama’s warnings in the wake of the Sony attack as “empty statements.” Going further, he declared that “there’s nothing we could do in cyber. Certainly nothing we are willing to do, because it crosses a lot of red lines.”
Indeed, when administration officials briefed reporters on retaliatory measures that had been taken against North Korea, they turned out to be “largely symbolic” economic sanctions levied against ten North Korean officials and an internal intelligence agency.
While cutting off the Internet connectivity of a country that scarcely connects with the outside world may be less than a body blow, prudence imposes limits on other forms of retaliation. North Korea has artillery in abundance—thirteen thousand pieces, by South Korean estimates. Deployed mostly along the demilitarized zone separating North Korea from South Korea, the longest-range artillery pieces are capable of hitting Seoul, and as Williams reminded me, the United States has hardly been more effective an enforcer in the physical realm than in cyberspace. “We can’t stop them [the North Koreans] from launching missiles over Japan,” he said. The North Koreans have, in fact, repeatedly defied warnings from the United States, Japan, and South Korea, launching test flights of their Taepodong-2 missiles over northern Japan and into the Pacific Ocean. North Korea also has—lest we forget—a growing arsenal of nuclear warheads, and the capacity and inclination to share its nuclear technology with America’s enemies.
Nations at war have spent much of the past hundred years developing and then trying to preclude the use of certain classes of weapons. They have, with varying degrees of success, employed and then been horrified by the dreadful impact of poison gas, chemical weapons, and of course the atomic bomb. For more than seventy years now, the unambiguous consequences of nuclear warfare have convinced the bitterest of enemies, in the most dangerous confrontations, not to draw their nuclear swords. That knowledge has restrained the United States and the Soviet Union, the Soviets and the Chinese, the Chinese and India, India and Pakistan.
When the United States and Israel collaboratively launched their cyberattack on Iran’s nuclear program, they set an entire arsenal of new forces into motion. In its limited goal of delaying the development of a nuclear bomb, Stuxnet apparently succeeded. But in her definitive book on the attack, Countdown to Zero Day, Kim Zetter offers a chilling assessment from the executive director of the Bulletin of the Atomic Scientists, Kennette Benedict. “We have come to know how nuclear weapons can destroy societies and human civilization. We have not yet begun to understand how cyber warfare might destroy our way of life,” Benedict noted. “How ironic that the first acknowledged military use of cyber warfare is ostensibly to prevent the spread of nuclear weapons. A new age of mass destruction will begin in an effort to close a chapter from the first age of mass destruction.”
What Benedict described as “the first age of mass destruction” has remained, following the 1945 U.S. bombing of Hiroshima and Nagasaki, in a suspended state of potential rather than actual horror. There have been no subsequent atomic or nuclear attacks. The use of cyber weapons remains in an early stage, and retired U.S. general David Petraeus contended that the development of such weapons has outpaced strategic thinking. Unlike the earliest years of the atomic age, Petraeus told me, when strategic thinkers such as Herman Kahn, Albert Wohlstetter, and Bernard Brodie began developing their theories on nuclear deterrence, we really don’t have something similar for cyberspace. These days Petraeus does his strategic thinking for a private equity firm, serving as chairman of KKR Global Institute. The former CIA director argued that thinking on cyber war remains relatively immature for a couple of reasons: “One is that the development of cyberspace has just been so rapid, so fast, that theorists can’t even keep up intellectually. Second, whereas really only two blocs of countries had nuclear weapons for a long period of time, that’s not true of the cyber arena.”
It is at this stage almost impossible to catalogue the identities and locations of the world’s most sophisticated hackers. Whatever limited reassurance we have that nuclear weapons remain under rational control does not apply to the use of cyber weapons.
I return to General Lloyd Austin, commander of CENTCOM. Name a crisis or trouble spot in the world today, and more likely than not it falls under Austin’s purview. During our interview, I asked him directly, is there a danger that a cyberattack will someday take down a major section of the U.S. electric grid? “It’s not a question of if,” he said, “it’s a question of when someone will try that.”
Why, I wondered, does there seem to be such limited awareness of the impending danger? Austin’s answer was simple. “We’ve not experienced a significant effective attack against our power grid or against our transportation networks. So, like 9/11, I don’t think people realize how vulnerable you are until they see something happen.”
He added, “I think some of the key folks in the banking industry, in the transportation industry, they have clearly realized that there are vulnerabilities that we need to guard against or protect, and they’re doing some things about them. But as you connect one system to the other across this nation, there’s just a lot of points of entry, a lot of points of potential failure that I don’t think people have thought through adequately. The average person doesn’t think this kind of thing can affect their lives, quite frankly.”
As we will see in the coming chapters, the American public are not the only ones unwilling to contemplate, much less cope with, the eventuality of a debilitating cyberattack against our power grid. The government agencies and civic organizations charged with enabling the nation to recover from catastrophe are also woefully unprepared.
Keith Alexander’s many years in the military provide some understanding of those confronting multiple crises simultaneously. He puts it this way: “Everybody’s out there fighting today’s alligators, and we’re talking about future alligators, and they say, ‘Look, I’ve got this problem with ISIS, I’ve got this problem with Afghanistan, Gaza keeps coming up, I got this wingnut in North Korea; and you’re talking about a potential problem.’ There’s no malice aforethought.”
In fact, there’s not much aforethought at all.
9
Step Up, Step Down
Oh, I’m sure FEMA has the capability to bring in backup transformers.
— JEH JOHNSON, SECRETARY OF THE DEPARTMENT OF HOMELAND SECURITY
Let’s be practical. If at this point you remain unconvinced that a successful cyberattack on the electrical power grid is likely, the government’s failure to adequately prepare for dealing with the aftermath will seem like nothing less than prudent economy. If, on the other hand, you’re afflicted by nothing more than clear-eyed skepticism, please stick around. There is a line between prudent economy and misplaced confidence that warrants critical examination.
The nature of the electric power industry is such that it combines modern technology with antiquated equipment. Some of that equipment is so large, so expensive, and so difficult to replace that it constitutes an entire category of vulnerability. If there is one piece of hardware that deserves to be singled out as critical to the nationwide transmission of electricity, it is the large power transformer.
In order for electricity to move over great distances at maximum efficiency, its voltage has to be cranked up. That function is performed by step-up transformers, which take electricity from a generating station and send it flowing at high voltage along the massive power lines that stretch across the American landscape. At times of peak flow those lines along our roads, railways, and highways can actually be seen to sag under the load of surging electricity. At the end stage of the transmission system, a sequence of step-down transformers does what their name suggests, readjusting voltage to a low enough level that the electricity can be safely delivered to the consumer.
No country in the world has a larger base of installed large power transformers than
the United States, and that base is aging. The Department of Energy reports that these “critical component[s] of the bulk transmission grid” are, on average, thirty-eight to forty years old. A senior DOE official told me that age in itself is not of great concern, as transformers have no moving parts. Still, the DOE’s own report, published in April 2014, lays out the potential consequences of failure bluntly: “Power transformers have long been a concern for the U.S. Electricity Sector. The failure of a single unit could result in temporary service interruption and considerable revenue loss, as well as incur replacement and other collateral costs. Should several of these units fail at the same time, it will be challenging to replace.”
“Challenging to replace” doesn’t fully capture the scale and complexity of the problem. To begin, the number of large power transformers (LPTs) in use in the United States is staggering. There is a great deal of information that the power industry refuses to make public, and the exact number of LPTs is one such statistic. The industry has competitive, security, and antitrust justifications for its reluctance to share data; that reluctance, however, extends to sharing with the appropriate federal agencies. The Department of Energy can only hazard a guess as to how many large power transformers are in use, but it reports that the number “could be in the range of tens of thousands.” Even if that number is wildly exaggerated (and it’s difficult to imagine why the DOE would do so), the central issue is the difficulty of replacing transformers. “An LPT is a large, custom-built piece of equipment,” the DOE report explained. “Because LPTs are very expensive [$3 million to $10 million each] and tailored to customers’ specifications, they are usually neither interchangeable with each other nor produced for extensive spare inventories.”
Consider the sum of all those factors. Conservatively, there are thousands of aging transformers, most custom-built, unable to be ordered from a catalogue or mass-produced, each costing somewhere in the neighborhood of $3 million to $10 million. Add to this that there are only a handful of plants in the United States capable of building an LPT—as of this writing, ten such facilities. The vast majority of large power transformers are built overseas, and more than 75 percent of those purchased by the U.S. energy sector must be procured overseas. The estimated lead time, the time from production through shipping to delivery, is commonly between one and two years, and never less than six months.
These transformers are so enormous—anywhere from 400,000 to 600,000 pounds—that they cannot be transported on a standard railroad freight car. It requires the use of a specialized railroad freight car known as a Schnabel. There are only about thirty of these in North America, and as one senior FEMA official conceded, some of the original transformers were delivered so many years ago that the rail lines on which they were transported no longer exist. When LPTs are transported by road it calls for a modular device seventy feet long with twelve axles and 190 wheels. The unit occupies two lanes of traffic and requires special permits from each state through which the transport will pass. Because of the enormous dimensions and weight involved, these special permits often call for the prior inspection of various bridges and other pieces of infrastructure along the way.
All of this combines to present a critical liability for the resilience of the United States power grid. In October 2014 I raised the issue with Jeh Johnson, who during the writing of this book was secretary of homeland security and the cabinet official most directly responsible for the security of the nation’s infrastructure. I asked the secretary what would happen in the event that several transformers were knocked out. How would he go about replacing them? What kind of a backlog exists?
“I’m sure FEMA has the capability to bring in backup transformers,” Johnson said. “If you want an inventory and a number, I couldn’t give you that.”
I had spent part of an afternoon at FEMA headquarters only a few weeks earlier talking with the agency’s administrator, Craig Fugate, about the same issue. Contrary to Johnson’s assurances, Fugate had pinpointed the failure of large transformers as one of his greatest areas of concern: “If you cause overloads and you cause significant damage to the very large transformers, that’s probably one of the most difficult things” for us to respond to, “because there [are] very few manufactured in the United States.” Asked what he would say were Jeh Johnson or the president to ask whether FEMA was prepared for such a scenario, Fugate responded bluntly, “No.” He continued, “Most people expect…that somehow we have enough tools in the tool chest to get power turned back on quickly. The answer is no.”
Notwithstanding Johnson’s reassurance that FEMA has the capability to “bring in” backup transformers, there is almost no such capability in the realm of large power transformers. Those, Fugate went on to explain, depend on the power industry’s willingness to invest in redundancy. Fugate argued that the industry was more inclined to invest in excess capacity and maintenance personnel before deregulation. In the current climate of greater competition, and with management under pressure to return as much profit as possible to shareholders, the bottom line has taken priority over resiliency, especially among smaller and midsized companies.
Johnson, a lawyer by training, had a number of pressing issues on his agenda the week that we talked: the Ebola virus had just made its initial appearance in the United States, ISIS was threatening U.S. citizens and interests, and there had been a couple of major breaches of security at the White House, reflecting poorly on the Secret Service. I took note of the fact that Johnson must have faced a tremendous learning curve getting up to speed on the range of threats to the U.S. infrastructure, and I asked him to tell me how he had learned about the threats to the power grid in particular. Johnson’s answer ran slightly more than thirteen minutes, and he never addressed the question. It was, he conceded a little later, not an area about which he has any expertise. That was why, he said, he had asked several colleagues to join the conversation. He was accompanied by his assistant secretary for public affairs, Tanya Bradsher; by Caitlin Durkovich, assistant secretary for infrastructure protection; and by Suzanne Spaulding, undersecretary for the National Protection and Programs Directorate. In theory, the presence of so many senior officials should multiply the amount of available information. In reality, it has an inhibiting effect.
Durkovich picked up on the question of spare large power transformers. The industry, she said, has a planning scenario, the Spare Transformer Equipment Program (STEP), in which companies would have spare transformers available for their substations. They would also have the ability to lend those transformers to other substations with similar designs. She estimated that there are already between two hundred and three hundred high-voltage supertransformers available. “We are also working to ensure that if they were needed, we could move them across interstate lines in a rapid fashion.” She did not address the issue of how equipment weighing half a million pounds or more would be transported “across interstate lines in a rapid fashion.”
Executives from the Edison Electric Institute claim that there are, in fact, hundreds of large power transformers available to be used as spares; as with the number of LPTs in use, though, the actual number is “proprietary.” Since large power transformers are custom-built, the likelihood that a matching spare can be found for an LPT that fails is small. A couple of hundred spares of differing size and format might provide a patch but not a solution. Spaulding acknowledged as much: “Not every one of those transformers is going to be a plug-in where they might be needed at a substation. There’s a recognition that this is an area of concern. And the industry is trying to figure out can they move away from this…everybody’s different way of operating, so that they can have more interchangeability.”
It’s easy to leave a layperson in the dust, but Jim Fama of the Edison Electric Institute did his best to explain the issue to me. Transformers come in different voltage classes. A 230–500 kV transformer is not interchangeable with a 345–500 kV transformer, for example. But within a given class, Fama assured me, adjustment
s can be made, and that, he said, is what STEP is about.
No one is suggesting that there is anything approaching a quick fix. Moving those enormous pieces of equipment represents a massive obstacle no matter what. Scott Aaronson, Edison Electric’s director of national security, mentioned another component to STEP, something called the recovery transformer. Think of it, he explained, as the equivalent of one of those small spare tires that will at least get you to the next gas station. One senior FEMA official, speaking on the condition of anonymity, told me the program was being developed by Homeland Security’s Science and Technology Division. When it’s up and running, the program will daisy-chain two or more mini-transformers as replacements for large power transformers that fail. That program, he said, was being jointly conducted and funded by government and industry, though it is still in the testing stage and nothing has been produced commercially yet.
General Keith Alexander expressed far greater pessimism about the timeline for recovery from an attack on a power grid, estimating that it would take several months. Why so long, when repairing (for example) Hurricane Sandy’s damage to the grid took only a week? “Because,” he said, “there are parts of the infrastructure that would go down that are not easily replaced, like the transformers. So point number one: get me some more transformers.”
“Current waiting time,” I offered, “over a year.”
“Right. That’s probably not acceptable. So you say, ‘OK, who’s going to fix that? You got that one? How many do we need? Go get it.’ Does that make sense?”
Asked why we haven’t made planning for this scenario more of a priority, he chuckled. “You’re talking about a potential problem. How do I plan for future problems while I conduct current operations? In the military you have the current ops officer, but you also have the plans officer. The point that needs to be made is that this is an issue. It’s got to be planned for.”